AF_UNIX relaxed security patch

egor duda
Thu Aug 16 07:37:00 GMT 2001


Thursday, 16 August, 2001 Jason Tishler wrote:

JT> I believe that the following patch:


JT> and specifically this portion:


JT> is preventing PostgreSQL AF_UNIX socket clients from being able to
JT> connect to postmaster when it is running under a different user account.

JT> This lead to the following bug report on the Cygwin mailing list:


JT> The attached patch relaxes the security so that this problem is mitigated.
JT> However, I admit to not fully grokking the security ramification of
JT> my change.  Did I open up access to secret_event too much?

no. security is provided by proper permissions on socket file and
randomness of event name. as long as some application _knows_ the name
of event, it should be able to signal it.

a bit more "pedantic" solution is to get security info from socket
file and apply it to event. But, iirc, under win32 one should have a
special permission to obtain security information.

JT>  Is there a better way to fix this problem?

i think this patch is correct. i've checked it in. Thanks for tracking
it down and fixing!

Egor.   ICQ 5165414 FidoNet 2:5020/496.19

More information about the Cygwin-patches mailing list